Docstoc

SIM Card Security - PDF

Document Sample
SIM Card Security - PDF Powered By Docstoc
					SIM Card Security
Sheng He 108005239797

Seminar Work at Chair for Communication Security Prof. Dr.-Ing. Christof Paar advised through Thomas Eisenbarth 12.07.2007

Ruhr-University of Bochum

Contents
Overview ................................................................................................................................3 SIM Card Introduction ......................................................................................................4 2.1 Structure and type ...............................................................................................4 2.2 Cryptographic algorithm and secret key in SIM card.............................5 2.3 SIM File System ....................................................................................................6 2.4 Data and Parameter ............................................................................................7 2.5 The files on the SIM-card ................................................................................10 3 Threats to SIM Data ........................................................................................................11 3.1 Attacks to the COMP128 ..................................................................................11 3.2 SIM cloning ...........................................................................................................11 4 Security features...............................................................................................................12 4.1 Algorithms and subscriber authentication key........................................12 4.2 Authentication......................................................................................................13 4.3 Encryption..............................................................................................................13 4.4 Key Generation....................................................................................................14 4.5 Subscriber data stored in ME.........................................................................15 5 Future Evolution................................................................................................................15 5.1 UMTS .......................................................................................................................15 5.2 WCDMA ...................................................................................................................16 5.3 USIM Card .............................................................................................................17 6 Conclusion ...........................................................................................................................17 References..................................................................................................................................18 1 2

2

1 Overview
Since the GSM communication system has been designed by the Standardization Committee composed of the European leading telecommunication operators and manufacturers, this system concentrates much more on the interests of consumers and operators. Thus, it made great effort to improve its functions including security, convenience etc. In fact, wireless communication will be tapped more easily than fixed communication. If we do not provide any special countermeasures, it could not be difficult to tap or fake a registered user. In the 1980’s, the system of simulation was suffered from the bug of wireless communication so deeply, that the interests of customers were impaired. Therefore, at first, introduction of SIM card technology into the GSM system raises the security level of GSM greatly. It is able to prevent from unauthorized accessing with authentication for protection of the network operators and the interests of users. Moreover, in order to protect the user's privacy, the transmission can be also encrypted to avoid eavesdropping on the wireless channel. Furthermore, it’s replaced by a temporary user identification code, that third parties can not track the wireless channel on GSM users. In addition, all of these confidential mechanisms are controlled by the operators, so it seems to be much safer without participating of those users. As the introduction of the SIM card technology into the GSM communication, the wireless communication has been no long restricted by encryption. As long as the customers bring a card, they could travel all around the world. SIM cards have many characteristics as below: Feature 1, separation of the client & equipment. In GSM communication, SIM cards and mobile equipment have been installed in an open interface to the public, so that users and their equipment lie on the interdependent relationship. Because SIM cards stored cardholder’s customer data, security data, authentication encryption algorithm, etc. As long as customers holding this card, he or she can borrow and hire different mobile stations from different ISPs and obtain different services in the card. Then, it enhances the flexibility of the GSM mobile communication greatly as well as shares equipments among different manufacturers.

3

Feature 2, communications are secure. The SIM card has a permanent memory storage and capacity of calculation. Therefore, it belongs to smart cards. When the cell phone is switched on, customer should enter personal identification numbers (PIN), this code is composed by 4 ~ 8 figures and accessed by keyboard typing. If import three incorrect PIN code, PIN codes are locked, communications terminated, this is one way against the misappropriation pseudo-client communication. If customers forget the code or import by mistake three times, the 0 ~ 9-digit personal unlocking key (PUK) stored in the SIM card can be used to unlock PIN codes, recover it back to normal. However, we should also pay special attention to the importation of 10 PUK wrong, the entire SIM cards abandoned. Only Through the purchase of a new SIM cards can we recover our communication. In the process of calling, if we import the correct PIN code, the Internet start a customer identity authentication, using A3, A8 algorithm stored in the SIM card to compare the results of mobile and Internet calculation and same authentication success. This is the second line of defence to prevent misappropriation Communication. After successful Authentication, in order to protect the confidentiality of client information been transmitted to the other the other side of transmission. Another set of encryption methods also been introduced - the use of the A5 algorithm to prevent the illegal customer theft. In addition, in the process of Authentication and decryption, parameters of key (Kc) and authentication key (Ki) on the interface will not be transmitted. Only the International Mobile customer identification code (IMSI) will be transmitted once. After that, the changing temporary code (TMSI) instead, therefore GSM communications are securer than the analog mobile communications. Feature 3, low cost. Their costs are lower than telephone cards. Furthermore, they are solid and durable and easily to be promoted.

2 SIM Card Introduction
2.1 Structure and type
SIM card is a smart card with a microprocessor and it consists of the following modules:

4

--- CPU --- Program memory (ROM) --- Working memory (RAM) --- Data memory (EPROM or E2PROM) --- Serial communication module These five modules must be integrated into an Integrated Circuit (IC), otherwise their safety would be threatened. This is because the chip connections may become illegal access and misappropriation of SIM cards important clues. In practice, there are two different forms of SIM cards with the same functions: (A) Full-size SIM card (commonly known as big card), this form of SIM cards with the IC cards of the ISO 7816 Standard [ISO7816], similar to IC card. The card has since been shrunk to the standard size of 25mm 15mm. (B) Embedded SIM card (commonly known as small card), the size of only 25 mm 15 mm, is a semi-permanent packed to the cards in the mobile station equipment. Two cards have installed waterproof, wear-resistant, anti-static contact with high accuracy and reliability characteristics.

2.2

Cryptographic

algorithm and secret key in SIM card

The most sensitive information of SIM card is the cryptographic algorithm A3, A8, secret Ki, PIN, PUK and Kc. A3, A8 algorithm were written into the SIM card in the producing process, and most people could not read A3, A8 algorithm. HN code could be settled by the phone owners. PUK code is held by the operator. Kc was derived in the process of encryption from Ki.

5

PIN and PUK: --- PIN –Personal Identification Number --- 2 PINs exist (PIN 1 and PIN2) --- Limited attempts on PIN access --- PUK –PIN Unblocking Code --- Resetting PUK, resets PIN and the attempt counter --- Too many attempts on PUK blocks use permanently

2.3 SIM File System
Let’s have a look at the Figure 2-1, the file system of a SIM is organized in a hierarchical tree structure, it consists of the following three types of elements: • Master File (MF) - the root of the file system that contains dedicated and elementary files. • Dedicated File (DF) - a subordinate directory to the master file that contains dedicated and elementary files. • Elementary File (EF) - a file that contains various types of formatted data, structures as either a sequence of data bytes, a sequence of fixed size records, or a fixed set of fixed size records used cyclically. In the other side, the GSM standards define several important dedicated files immediately under the MF: DFGSM, DFDCS1800, and DFTELECOM. For the MF and these DFs, several EFs are defined, including many that are mandatory. The EFs under DFGSM and DFDCS1800 contain mainly network related information respectively for GSM 900 MHz and DCS (Digital Cellular System) 1800 MHz band operation. EFs for U.S. 850 MHz and 1900 MHz bands are found respectively under those DFs as well.

6

Figure 2-1 SIM File System

In spite of SIM file systems are highly standardized, the standards allow flexibility such that their content can vary among network operators and service providers. For example, a network operator might not use an optional file system element, might create an additional element on the SIM for use in its operations, or might install a built-in function to provide a specialized service.

2.4 Data and Parameter
The following data are stored in the SIM card: ISDN, Ki, PIN, PUK, TMSI, LAI and ICCID (SIM card number): 898600 9F SS YY G xxxxxX Chk 898600 9 F SS YY G XXXXXX Chk fixed the last digit of Mobile Access No. functional spaces, tentatively 0 the province’s No. the year (last 2 digits) of ICCID establishment SIM card vendor’s No. random definition by operator Parity

7

The following tables describe the two Phases of SIM card in GSM: (1) Phase 1 GSM system parameters Table 2-1 system parameter data options in phase 1 Identifier 6FAD 6F38 6F07 6F7B 6F7E 6F20 6F30 6F74 6F78 Name Administrative Service Table IMSI Forbidden PLMN TMSI LAI Kc, n PLMN Selector BCCH Information Access Control Length 3 4 9 12 11 9 24 16 2

Service 1: PIN Disabling Service 2: Abbreviated Dialling Numbers Service 4: Short Message Storage Service 6: Capability Configuration Parameters Service 7: PLMN Selector Telecommunication business parameters Table 2-2 Telecommunication business options in phase 1 Identifier 6F3A 6F3D 6F3C 6F39 (2) Phase 2 Name Abbreviated Dialling Numbers Capability Config Parameters Short Message Storage Carging Counter Length 50*22 1*14 5*176 2

8

GSM system parameters Table 2-3 system parameter data options in phase 2 Identifier 6F05 6F07 6F20 6F30 6F31 6F38 6F45 6F74 6F78 6F7B 6F7E 6FAD 6FAE Name Language Preferernce IMSI Kc,n PLMN Selector HPLMN Search Service Table Cell Broad Message ID BCCH Information Access Control Forbidden PLMN TMSI LAI Admin Data Phase Ident Length 4 9 9 42 1 4 8 16 2 12 11 3 2

Service 9: MSISDN Service 10: Extension 1 file Service 12: SMS parameters Service 13: Last Number Dialled Service 14: cell Broadcasting Message Identifier file telecommunication business parameters Table 2-4 Telecommunication business options in phase 2 Identifier 6F3A 6F3C 6F3D 6F40 6F42 6F43 6F44 6F4A Name Abbreviated Dialling Short Message Storage Capability Configuration MSISDN SMS Paramters SMS Status Last Number Dialled Extension 1 file

9

2.5 The files on the SIM-card
The evidence on the SIM card is stored in the following files: [FGM03] Phase SST ICCID LP SPN MSISDN AND FDN LND EXT1 EXT2 GID1 GID2 SMS SMSP SMSS CBMI PUCT ACM ACMmax HPLMNSP PLMNsel FPLMN CCP ACC IMSI LOCI BCCH Kc AD Phase ID SIM Service table Serial Number Preferred languages Service Provider name Subscriber phone number Short Dial Number Fixed Numbers Last Dialled numbers Dialling Extension 1 Dialling Extension 2 Groups 1 Groups 2 Text Messages Text Message parameters Text message status Preferred network messages Charges per unit Charge counter Charge limit HPLMN search period PLMN selector Forbidden PLMNs Capability configuration parameter Access control class IMSI Location information Broadcast control channels Ciphering key Administrative data variable 1 byte 5 bytes 10 bytes variable 17 bytes variable variable variable variable variable variable variable variable n * 176 bytes variable variable variable 5 bytes 3 bytes 3 bytes variable variable 12 bytes 14 bytes 2 bytes 9 bytes 11 bytes 16 bytes

All of the stored data can potentially have evidential value. However, most of the files refer to network internals that the user never see, and therefore does not represent evidence on the usage of the telephone as such. We therefore limit the

10

discussion here to the files that typical represent relevant evidence on phone usage [GSM1111].

3 Threats to SIM Data
3.1 Attacks to the COMP128
COMP128 is a popular algorithm and a published standard. COMP128 design was completely private. The algorithm was not released to the public, therefore it lacks much needed peer general study. In 1997, a leaked document led to publication of COMP128. That document produced the majority of the code, and what was missing (about 4-6 lines) and was reverse engineered. [COMP128] In April of 1998, the Smartcard Developer Association along with 2 UC Berkeley researchers (Wagner/Goldberg) produced the first publicized attack on COMP128. It exploits the weakness in diffusion of the second round in the compression function. This is commonly referred to as a ’Narrow Pipe.’ The following examples are two simple attacks to the COMP128: (1) black box attack against the GSM-MoU example algorithm This does not utilise any hardware or software property of the SIM. attack against just one card, not against the system itself. (2) chosen plaintext / ciphertext attack approximately 160.000 - 200.000 very specific challenges were then required to calculate the secret, subscription specific key Ki. PIN has to be known or PIN-check disabled.

3.2 SIM cloning
SIM cloning consists of duplicating the GSM Subscriber Identity Module identification and placing calls or using other charged services using the account of

11

the cloned SIM [SIMCLO]. In the early several years, because of poor security features, cloning was more common than it is today. People can fake the SIM card with the SIM cloning technique. Cloning has now been rendered more challenging technically, it is as physical approach to the SIM card is required as opposed to simply being within radio reach. SIM cloning is nowadays more difficult to perform, as copying the contents of the SIM does not enable a duplicate SIM to operate, as the SIM itself performs security operations on the data contained inside to avoid such copying. In order to function, the cloned SIM needs to perform security operations on the data comprised, just like the old one. SIM cloning is also a great concern of security services because of its GSM location-based service undependable if more than one handset is using the same SIM card. Cloning SIM data for illicit use Two key pieces of data: IMSI, Data Encryption Key (Ki). IMSI can be obtained: From SIM using scanning software Eaves-dropping on networks for unencrypted transmission of the IMSI Ki can not normally be obtained directly as it is derived from encryption algorithm stored on SIM.

4 Security features
This clause defines the security attributes to be supported by the SIM, which are: authentication algorithm (A3); subscriber authentication key (Ki); cipher key generation algorithm (A8); cipher key (Kc); control of access to data stored, and functions performed, in the SIM. An algorithm A38 may perform the combined functions of A3 and A8.

4.1 Algorithms and subscriber authentication key
All reasonable steps shall be taken to ensure that the algorithms (A3 and A8) and subscriber authentication key (Ki) cannot be read, altered, manipulated or bypassed in such a way as to reveal secret information.

12

All MS processes that require the use of the subscriber authentication key shall be performed internally by the SIM.

4.2 Authentication
Authentication involves two functional entities: the SIM Card in mobile device the Authentication Center (AC) Each subscriber has a secret key, one copy of which is stored in the SIM card and the other is stored in the AC. During authentication, AC generates a random number that sends to the mobile. Both mobile and AC use the random number, in conjunction with subscriber's secret key and a ciphering algorithm called A3, to generate a number that is sent back to the AC. If number sent by mobile matches number calculated by AC, then subscriber is authenticated. A list of IMEIs in the network is stored in the Equipment Identity Register (EIR). The status returned in response to an IMEI query to the EIR is one of the following: White-listed: Terminal is allowed to connect to the network Grey-listed: Under observation from the network, possible problems Black-listed: Terminal has either been reported as stolen, or it is not type approved (the correct type of terminal for a GSM network). The terminal is not allowed to connect to the network.

4.3 Encryption
A stream cipher known as the A5 algorithm. Multiple versions with various levels of encryption. A5/0: no encryption. A5/1: original A5 algorithm used in Europe. A5/2: weaker encryption algorithm created for export, in removal. A5/3: strong encryption algorithm created as part of the 3rd Generation Partnership Project (3GPP). Stream cipher is initialised with the Session Key (Kc) and the number of each frame. The same Kc is used throughout the call, but the 22-bit frame number changes during the call, thus generating a unique key stream for every frame. The
13

same Session Key (Kc) is used as long as the Mobile Services Switching Center (MSC) does not authenticate the Mobile Station again. The same Session Key (Kc) may be in use for days. Authentication is an optional procedure in the beginning of a call, but it is usually not performed. The A5 algorithm is implemented in the Mobile Station (MS). PIN locks the SIM card until correct code is entered. Each phone network sets the PIN of SIM to a standard default number. Can be changed via handset Protects account, even if SIM is inserted into another phone If PIN protection enabled, PIN will need to be entered each time phone is switched on. If PIN entered incorrectly 3 times in a row, SIM will be blocked requiring a PUK from network/service provider. PIN code 2 included with new SIM cards (GSM phase 2). Code controls access to advanced features of phone, i.e. fixed dialling list. A restricted list of numbers the phone can call. Default code is set by Service Provider, but editable. PIN entered incorrectly3 times-SIM blocked. Unable to make and receive calls/texts. PUK needed from network provider, or possibly GSM cell phone manual. Caution: if PUK entered 10 times incorrectly, SIM is permanently disabled and the SIM must be exchanged. Performs same function as the PUK, but for PIN Code 2. Service Provider has this code when needed.

4.4 Key Generation
A8 algorithm generates 64-bit Session Key (Kc). From 128-bit random challenge (RAND) received from Mobile Services Switching Center (MSC) and from 128-bit Individual Subscriber Authentication Key (Ki) from Mobile Station's SIM or Home Location Register (HLR). One Session Key (Kc) is used until the MSC decides to authenticate the MS again. This might take days. A8 actually generates 128 bits of output. The last 54 bits of those 128 bits form the Session Key (Kc). Ten zero-bits are appended to this key before it is given as input to the A5 algorithm. The A8 algorithm is implemented in the Subscriber Identity Module (SIM).

14

4.5 Subscriber data stored in ME
All subscribers related information conveyed into the ME during GSM network operations should be deleted from the ME after removal of the SIM, deactivation of the MS, or following an electrical reset of the SIM. This includes any data that was transferred to the ME by SIM Application Toolkit commands [SIMME]. The Subscriber related security codes might be kept inside the ME during the enforcement of the appropriate SIM/ME interface procedure. They should be deleted from the ME immediately after completion of the procedure. But in fact, an ME may retain some less security critical data at SIM removal or MS switch-off. Such data are SMS, LND etc. These data, when stored in the ME, shall only be readable or retrievable if the same SIM card is reactivated as determined by the IMSI. If the IMSI is retained in the ME for this purpose it shall be stored securely and shall not be able to be read out. Storage for other data such as SMS, LND etc., storage may also exist in the ME. These data stored in the ME, which have not been transferred from a SIM during a card session, are not subject to the above security restriction.

5 Future Evolution
5.1 UMTS
UMTS means Universal Mobile Telecommunications System. UMTS is one of the emerging mobile phone technologies known as third-generation, or called 3G. Third-generation systems are designed to include such traditional phone tasks as calls, voice mail, and paging, but also new technology tasks such as Internet access, video, and SMS, or text messaging, its speed will be much faster than the system nowadays (GSM) [WIUMTS]. The speed is one of the main benefits of UMTS. Current rates of transfer for broadband information are 2 Mbits a second. This speed makes possible the kind of streaming video that can support movie downloads and video conferencing. In a sense, UMTS makes it possible for the cell phone owner to enjoy all of the functionality of his home computer while he is roaming. By combining wireless
15

and satellite cellular technologies, UMTS takes advantage of all existing options to result in the Holy Grail of 3G presentation: seamless transitions between WiFi and satellite. It was in Japan in 2001, UMTS went live as a network for the first time. Austria had its own network two years later (2003). A handful of other European countries joined the UMTS bandwagon in the next two years, with South Africa and a few other African countries soon following suit. The U.S. has employed UMTS networks in several large cities, and the number is steadily growing. UMTS is based on the Global System for Mobile (GSM) standard, which is the gold standard in Europe and more than 120 countries worldwide. In fact, UMTS is sometimes referred to as 3GSM. The two systems are not compatible, however. UMTS is incompatible with GSM. Some phones are dual GSM/UMTS phones, but unless that exciting new mobile phone or handset that you can't wait to get your hands on has that kind of duality built in, you will only be able to utilize one mode, the one that came with the device. As UMTS gains in credibility and functionality, experts believe it will overtake GSM as the industry standard. UMTS is already able to operate at a higher frequency than GSM.

5.2 WCDMA
WCDMA stands for “Wideband Code Division Multiple Access". It is a worldwide communications standard offering a superior ability to handle multimedia communication, including high-speed data, voice, moving and still image transmission.
Type Name Committee Multiple access Duplex W-CDMA 3GPP Direct Sequence CDMA FDD CDMA cdma2000 3GPP2 Multicarrier CDMA FDD TD-CDMA 3GPP (with TDSCDMA) TD-CDMA TDD TDMA EDGE/UWC-136 ETSI and UWCC TDMA FDD

Table 5-1 The 3rd Generation mobile communication network [GGSFMC]

16

5.3 USIM Card
The Universal Subscriber Identity Module or named USIM card is the logical extension of the SIM card into the 3G environment. The USIM card is an evolution of the SIM card still under the control of the ETSI. The USIM card is also the heart of the mobile phone that enables people to communicate with ease. The computer chip inside stores people’s phone number, address book (up to 50 entries) and other information. Compare with the SIM card: Simply put, this is the world standard. GSM mobile phones used mainly in Europe utilize SIM card. The USIM card is a more sophisticated type that allows you to send and receive calls using your regular phone number in Japan and other major countries around the world.
Data Rates SIM card USIM card low high MultiSubscription Java-Based USAT Backwards Compatibility lack full

Table 5-2 Comparison of SIM and USIM

6 Conclusion
In this seminar work, we have presented the basic information and structure of the SIM card, also several attacks on the SIM card, e.g. the attack against COMP128 algorithm. So this means, SIM card have been broken? The answer is: No. The SIM card has successfully stood the test of time and we have shown that SIM card security is susceptible to certain attacks. We also have two most important security parts to protect it. However, with high costs involved to patch SIM cards globally, providers ignore the threats. Meanwhile, we are looking forward to the future evolution, the UMTS and USIM card. The new mobile system will be much faster and safer than the system GSM nowadays. We think, UMTS will be used commonly instead of GSM in the very near future.

17

References
[ISO7816] ISO: “Identification Cards - Integrated circuit cards with contacts”, International Standard, Parts 1-15. [GSM1111] GSM 11.11, December 1995, GSM TECHNICAL SPECIFICATION [FGM03] Willassen, S., 2003, Forensics and the GSM Mobile Telephone System, International Journal of Digital Evidence, Volume 2, Issue 1. [COMP128] Billy Brumley, A3/A8 & COMP128, T-79.514 Special Course in Cryptology, 2004 [SIMCLO] SIM cloning, http://en.wikipedia.org/wiki/SIM_cloning [SIMME] 3GPP, 2005a, Specification of the Subscriber Identity Module - Mobile Equipment (SIM - ME) interface, 3rd Generation Partnership Project, TS 11.11 V8.13.0 (Release 1999), Technical Specification, (2005-06). [WIUMTS] What is UMTS? , http://www.wisegeek.com/what-is-umts.htm [GGSFMC] J. Eberspaecher / H.-J.Vorgel / C.Bettstetter, GSM Global System for Mobile Communication, 3. Edition, page 369

18


				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:136
posted:12/18/2009
language:English
pages:18